|
|
Prikladnaya Diskretnaya Matematika. Supplement, 2014, Issue 7, Pages 106–108
(Mi pdma168)
|
 |
|
 |
Mathematical Foundations of Computer Security
The universal vulnerability exploitation platform for CTF
P. Y. Sviridov, G. Y. Zaytsev, A. S. Ivachev
Tomsk State University, Tomsk
Abstract:
Capture the Flag (CTF) is a command educational computer security competition. The aim of all CTF games is to capture flags from vulnerable services of other teams. There are a lot of routine tasks in CTF games according to the rules. In order to automate the tasks, a big software project named Pechkin and implemented in C++ is built. The aim of Pechkin is to automate the exploitation of enemy services vulnerabilities. It runs instances of exploits, manages the instances, calculates statistics, performs logging, etc. Pechkin has a modular architecture. Each module implements one of the pointed functions and is started by the main one which is called a platform. The platform connects all the modules by passing messages between them. In different games, many parameters (e.g. the jury system interface and rules) may vary setting some restrictions. Pechkin cares about them, and the team members are free of them. The only offensive concern left for the participants is the creative process of finding vulnerabilities and writing exploits. The architecture allows the implementation of a scalable system with a load-balancing which is very important to CTF, because the game is long, unpredictable, and resource-draining.
Keywords:
CTF, flag, vulnerability, exploit.
Citation:
P. Y. Sviridov, G. Y. Zaytsev, A. S. Ivachev, “The universal vulnerability exploitation platform for CTF”, Prikl. Diskr. Mat. Suppl., 2014, no. 7, 106–108
Linking options:
https://www.mathnet.ru/eng/pdma168 https://www.mathnet.ru/eng/pdma/y2014/i7/p106
|
|
Citation in format AMSBIB
Contact us: